Date: Sat, 25 May 2024 18:15:43 +0300
From: "Jarkko Sakkinen"
To: "James Bottomley"
Cc: "Mimi Zohar", "David Howells", "Paul Moore", "James Morris", "Serge E. Hallyn"
Subject: Re: [PATCH] KEYS: trusted_tpm2: Only check options->keyhandle for ASN.1
X-Mailing-List: linux-kernel@vger.kernel.org
References: <20240525123634.3396-1-jarkko@kernel.org>

On Sat May 25, 2024 at 4:42 PM EEST, James Bottomley wrote:
> On Sat, 2024-05-25 at 15:36 +0300, Jarkko Sakkinen wrote:
> > tpm2_load_cmd incorrectly checks options->keyhandle also for the
> > legacy format, as also implied by the inline comment. Check
> > options->keyhandle when ASN.1 is loaded.
>
> No that's not right. keyhandle must be specified for the old format,
> because it's just the two private/public blobs and doesn't know its
> parent. Since tpm2_key_decode() always places the ASN.1 parent into
> options->keyhandle, the proposed new code is fully redundant
> (options->keyhandle must be non zero if the ASN.1 parsed correctly) but
> it loses the check that the loader must specify it for the old format.
>
> What the comment above the code you removed means is that the keyhandle
> must be non zero here, either extracted from the ASN.1 for the new
> format or specified on the command line for the old.

My code change was a plain, direct, to-the-word interpretation of the comment.

So I just take the last paragraph of yours and instead fix the misleading
comment:

/*
 * Keyhandle must be non zero here, either extracted from the ASN.1 for
 * the new format or specified on the command line for the old.
 */

BR, Jarkko
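
The point made in the quoted review, as a simplified user-space model added here for illustration; it is not kernel code and not code from either poster. The struct, the function names and the handle value 0x81000001 are constructed for the example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative model only: names below are hypothetical, not the kernel's. */
struct key_options { uint32_t keyhandle; };    /* parent handle, 0 = unset */

/* Stand-in for the ASN.1 decode step: succeeds only for the new format and
 * then always stores the parent carried in the blob into opt->keyhandle. */
static int model_key_decode(int is_asn1, uint32_t asn1_parent,
			    struct key_options *opt)
{
	if (!is_asn1)
		return -EINVAL;                /* caller falls back to legacy */
	opt->keyhandle = asn1_parent;
	return 0;
}

/* Check placed after both paths: covers ASN.1 and legacy blobs alike. */
int load_check_both(int is_asn1, uint32_t asn1_parent, uint32_t cmdline_handle)
{
	struct key_options opt = { .keyhandle = cmdline_handle };

	model_key_decode(is_asn1, asn1_parent, &opt);
	/* Keyhandle must be non zero here, whichever format supplied it. */
	return opt.keyhandle ? 0 : -EINVAL;
}

/* Check only on the ASN.1 path: redundant there, absent for legacy blobs. */
int load_check_asn1_only(int is_asn1, uint32_t asn1_parent,
			 uint32_t cmdline_handle)
{
	struct key_options opt = { .keyhandle = cmdline_handle };

	if (model_key_decode(is_asn1, asn1_parent, &opt) == 0 && !opt.keyhandle)
		return -EINVAL;
	return 0;                              /* legacy path is never checked */
}

int main(void)
{
	/* Legacy blob loaded without a parent handle on the command line. */
	printf("check after both paths: %d\n", load_check_both(0, 0, 0));
	printf("check on ASN.1 only:    %d\n", load_check_asn1_only(0, 0, 0));
	return 0;
}
```
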